Podcast: Digital Taxation—Implications For EU Technology Companies - Tax - Republik City News

Podcast: Digital Taxation—Implications For EU Technology Companies – Tax


In this Ropes & Gray podcast, Ellen Gilley, an associate in
the tax controversy group, is joined by Kat Gregor, a partner in
the tax group and co-founder of the tax controversy group, and
Rohan Massey, a partner and co-leader of our data, privacy &
cybersecurity group, to discuss the French Digital Services Tax and
other developments in the taxation of digital services, with a
focus on implications for tech companies serving users in the
European Union.


Ellen Gilley: Hello, and thank you for joining
us today on this Ropes & Gray tax controversy case of the
quarter podcast. I’m Ellen Gilley, an associate in the tax
controversy group. Joining me today are Kat Gregor, a tax partner
and tax controversy group co-founder based in our Boston office,
and Rohan Massey, a partner and co-leader of our data, privacy
& cybersecurity group, who is based in our London office. In
today’s podcast, we are taking a different
approach—rather than discussing a judicial decision,
we’re looking at the curious case of the French Digital
Services Tax and other developments in the taxation of digital
services, with a focus on implications for tech companies serving
users in the European Union.

With the consistently growing presence of online businesses and
platforms, the digital economy has become increasingly intertwined
with the traditional economy. However, current tax regimes were
designed to tax companies based on their physical or geographic
connection to a country, and these principles don’t translate
into effective taxation of the digital economy. In particular,
there can be a mismatch between where digital services are being
consumed and where (if at all) these services are being taxed. In
response, different regimes for taxing the digital economy have
emerged at both the national and international level. During this
podcast, we will be examining two of these regimes. The national
example we will explore is France’s Digital Services Tax, which
was enacted in July 2019. On the international level, the
Organization for Economic Cooperation and Development (known as the
OECD) issued a proposal in October 2019 for a single, international
approach to taxing digital services, and we will address its status
and features. This proposal is commonly referred to as “Pillar
One.” As we will discuss, there are common elements to
France’s Digital Services Tax and the OECD’s Pillar One.
For example, both target large tech companies that provide digital
services to consumers. Both also establish the right to tax based
on the user’s location, not the company’s location.

There has been substantial commentary on the taxation of digital
services, particularly in the wake of the French Digital Services
Tax. But less has been discussed about how digital taxation
initiatives interact—and, potentially, conflict—with
the European Union’s strict data protection rules. This podcast
will focus on how these various digital taxes interact with the EU
data protection regulations, and the challenges tech companies face
in complying with both sets of laws. Kat, can you start by giving
us an overview of how the French Digital Services Tax will

Kat Gregor: Sure. In July 2019, France passed a
Digital Services Tax (or DST) that imposed a three percent tax on a
company’s “digital services.” The tax applies
retroactively to January 2019, and the first payment was due in
November 2019.

As you mentioned, the companies targeted by the tax are large
tech companies. Specifically, to be subject to the tax, a company
must generate annual taxable revenue from digital services in
excess of EUR 750 million worldwide and EUR 25 million for services
generated in France. Due to these high thresholds, there are a
limited number of companies—predominantly American
companies—that will be subject to the tax. These companies
include Google, Apple, Microsoft and Facebook, to name a few.

Ellen Gilley: These appear to be all American
companies. Is this going to cause a problem?

Kat Gregor: There certainly have been a lot of
discussions. In response, the Trump Administration launched an
investigation into the French DST and recently concluded that the
tax discriminates against U.S. companies and is unusually
burdensome for the affected U.S. companies. As a result, President
Trump is proposing retaliatory tariffs as high as 100 percent on
high-end French exports, from Gruyere cheese to handbags to

Ellen Gilley: And you mention that the tax
applies to these companies “digital services.” What are
digital services?

Kat Gregor: Yes, digital services subject to
the tax fall into two broad categories. One is interfacing
services— these are technologies that enable users to
interact with each other in order to deliver goods and services.
These include online marketplaces, like eBay and Amazon.

The other category subject to the tax is advertising services,
which are services that allow advertisers to purchase digital ad
space and target specific French users based on data they have
provided through, for example, keywords used in search engines.
It’s important to note that there is a list of excluded
services that are not subject to the
French DST. These include the mere provision of digital content,
communication services and payment services.

Ellen Gilley: Thank you. Ok, so that’s
digital services. Another component of this tax though is that
these services must be provided to “users in France.”
What does this mean?

Kat Gregor: So this means that the user (or
consumer) of the taxable service must be in France when the service
is being used or consumed. This is not based on the user’s
residency (and, thus, is not something that companies can identify
through static documentation). Rather, this test is satisfied in
one of two ways, and requires gathering data on a user’s
physical location at one of two times. First, revenue is sourced to
France for transaction-based services (i.e., participation in an
online marketplace) if the user visits an online interface and
undertakes the transaction through a terminal located in France.
Second, in the case of digital services that are not
transaction-based (in other words, if the user is accessing an ad
or undertaking an activity other than purchasing goods or
services), revenue is sourced to France if the user has an account
that has been opened in France to access the services. The
introduction of this marketplace-based sourcing rule is a
significant change, as income is generally sourced based on the
location of the company’s activities and not the consumer.

Rohan Massey: And, If I may jump in here for a
moment, Kat raises an interesting preview of what we will discuss
later in the podcast, which is that we are seeing a variety of laws
and regulations, not just related to tax, that are reacting to the
digital marketplace, and especially to the fact that data is free
flowing irrespective of geographic or jurisdictional boundaries.
For example, there is a growing shift from using fixed geographic
locations or national boundaries to determine the limitations on
regulatory powers. Notably, the EU’s new data protection regime
looks to protect individuals in Europe no matter where in the world
their data is processed. This shift raises significant implications
for compliance.

Ellen Gilley: Thank you, Rohan. That’s a
great segue into discussing the international tax context. Kat, do
we have an idea of what the OECD plan will look like?

Kat Gregor: We do. The OECD has been studying
the challenges of taxing digital economy at an international level
since 2015. By way of background, tax laws require some connection,
known as nexus, between the income being taxed and the jurisdiction
imposing the tax. Like Rohan mentioned, typically or historically
the nexus rules have been based on a company’s geographic or
physical connection to a jurisdiction. Countries that are
considered “market jurisdictions”—in other words,
those countries with large consumer populations—argue that
these historic tests do not accurately allocate taxable income to
the value generated by providing services digitally to a
country’s consumer base.

In October of this year, the OECD distributed a proposal for a
single, unified approach to tax the digital economy. This document,
which is called the “Unified Approach under Pillar One,”
is part of the OECD’s larger initiative to prevent companies
from shifting profits to low-tax jurisdictions and employing other
techniques to minimize taxes. Pillar Two, which was released one
month later, proposes considerations for ensuring multinational
companies’ profits do not escape taxation and are subject to a
global minimum tax. We are focusing on Pillar One—the Unified
Approach—in this podcast.

Ellen Gilley: Why would the OECD propose a
single international framework for a digital services tax?

Kat Gregor: The alternative to an international
framework is to have countries develop their own digital services
tax, which would vary country to country. This is referred to as
“unilateral action” and could create an international tax
system where companies are struggling to apply a myriad of
different rules. Having different rules and tests could materially
increase the likelihood of double taxation. The simplest example of
this problem is that of the French DST. This is a tax on
revenues (also known as a “turnover
tax”), and is not expected to be eligible for a tax credit for
foreign taxes paid in the United States (or other jurisdictions
offering foreign tax credits), and it is likely to apply to
revenues that other countries’ laws source to their
jurisdictions, and the tax, as a turnover tax, is unlikely to be
covered by tax treaties that would provide means for companies to
resolve any double taxation issues. In essence, anything that
France is taxing under this new DST is very likely also being taxed
somewhere else.

France faced a lot of criticism, primarily by the United States,
as we mentioned earlier, when enacting this provision. In response,
France agreed to replace its DST with whatever provision the OECD
ultimately proposes, and to reimburse taxpayers the excess of the
DST over whatever French tax would have accrued applying the final
OECD approach. But, the OECD approach is just being developed now,
so that is years in the future.

Ellen Gilley: Years in the future, so how
developed is the OECD’s proposal?

Kat Gregor: The proposal is not yet complete,
and no countries have signed onto it. Pillar One is really in its
nascent stage and outlines a framework for implementing a digital
services tax across multiple countries. The OECD continues to
receive comments and hold public hearings on the proposals, and a
number of issues are explicitly left unaddressed and will be
subject to further comment. The OECD intends to work with its
member countries through 2020 to arrive at a consensus.

Ellen Gilley: Is it surprising that the
proposal is not more developed, given that the OECD has been
researching this issue since 2015?

Kat Gregor: I am certainly not surprised that
the proposal is still being developed—taxing the digital
economy in a manner that does not create double taxation requires a
new set of rules and concepts that can also coexist with current
principles. We have seen many jurisdictions, including the U.S.,
struggle to apply existing laws and concepts to the digital
economy—this issue is further exacerbated by the complexity
of the international system where OECD member states have a variety
of domestic tax systems and policies. Again, as Rohan mentioned,
this is a challenge that is playing out in other areas of law and

We also must remember that the OECD represents all its member
states, including “market,””IP-rich” and
“resource-rich” jurisdictions. A country, like France,
might be most concerned with ensuring it receives increased right
to tax value generated by its marketplace, whereas another country
(say, for example, an IP-rich country with a relatively small
population) might instead be focused on retaining historic rules
that would source revenues to the location of intellectual
property. To seek consensus across such differently-situated member
states will be difficult.

Ellen Gilley: Given there is so much
uncertainty, what can you describe about the OECD’s Pillar

Kat Gregor: The OECD has provided guidance on
defining which countries have the right to tax, which companies are
the target of the tax, and which will trigger the tax.

Turning first to defining the right to tax, the OECD has
proposed new nexus rules so that taxing rights can be reallocated
to the country where the users or consumers are located. These are
known as “market jurisdictions.” This approach is the
same concept as the French Digital Services Tax, which imposes
taxes on digital services provided to users in France.

Second, OECD has identified that the targets of the digital
services tax are “large consumer-facing businesses.”
However, we don’t know what “consumer-facing
businesses” really are. The OECD seeks comments and
suggestions to clarify this definition, but as with the French
Digital Services Tax, we do know that the tax is directed at
companies interfacing digitally with consumers to supply consumer
products or digital services. However, at a basic level, this also
means that companies that supply digital products, not to
consumers, but instead to other companies and businesses (taking,
for example, the Amazon Web Services business), would not be pulled
in under the current proposal.

And third, the Pillar One report proposes that revenue
thresholds determine when a market jurisdiction may tax the income
from a digital company. This is similar to the French Digital
Services Tax, which requires that a company generate a minimum
global revenue from providing digital services and also generate a
minimum amount of revenue from providing digital services to users
in France. The OECD, however, has not specified any thresholds.

Ellen Gilley: To summarize, based on what
you’ve described, a country could tax a “large
consumer-facing business” if that company has generated a
certain amount of revenue from providing digital services to users
located in that country or that market jurisdiction. Leaving aside
that we don’t know what “consumer-facing businesses”
mean, or the applicable revenue threshold, can you tell us how the
OECD has proposed to determine the amount of revenue that would be
subject to the tax?

Kat Gregor: Sure. Determining how to allocate a
multinational company’s profits across jurisdictions is perhaps
the most complicated aspect of designing a uniform digital services
tax. As a broad summary, the new nexus rules would entitle a market
jurisdiction to tax a specific portion of a multinational
company’s net operating income, known as the “deemed
residual profit.” This amount would likely be calculated as a
percentage of the company’s global net income, but this has not
yet been determined. It is another outstanding issue that the OECD
intends to resolve over the next year.

In addition to this amount, the OECD proposes applying transfer
pricing principles, with some variation, to tax two other
categories of income if (and only if) the company has an actual
physical presence in the jurisdiction rather than just a digital

Ellen Gilley: What else needs to be added to
this proposal for it to be final and comprehensive?

Kat Gregor: This proposal clearly leaves many
important questions unanswered. In addition to the ones we’ve
already identified (the definition of a digital business, revenue
thresholds for market jurisdictions, and precise methods for
determining profit allocations), there are also issues of treatment
of losses and interaction with existing double tax treaties.
Additionally, there is the practical issue of determining the
location of the user.

Rohan Massey: That’s right, Kat. And as we
mentioned, focusing on the location of the user, which may change,
is a new concept and challenges law and policy makers to rethink
and rework current regulations. But, as you mentioned, the
challenge of compliance is also present, and we see that in data
protection as well as in tax.

Ellen Gilley: Starting first with tax, what
kind of practical challenges do evolving digital tax regimes
present to the companies subject to it?

Kat Gregor: One of the main practical
challenges of complying with both the OECD’s proposal and
France’s Digital Services Tax is determining when a service has
been provided or consumed in a specific jurisdiction. Currently,
some digital companies do not collect sufficient data on the
location of the consumer, instead perhaps collecting only
advertiser location to comply with other non-tax regulations. As a
result, companies might need to build a new infrastructure to track
consumer location. This problem is exacerbated by the retroactivity
of the French Digital Services Tax, since companies that are
required to calculate tax liabilities did not know they needed to
keep records of such data before this July.

Other nuances will further complicate this problem. For example,
it would be difficult for a company to track a user’s location
when using a VPN, which often masks a user’s location. It is
also unclear what the default test will be when the user’s
location really cannot be determined. Would it be the residency of
the users or their nationalities? Would companies allocate sales
based on global populations? It’s unclear. In a similar context
in the IRS’s taxation of cloud computing services in the US,
industry groups are advocating that companies be permitted to
determine the location of the user based on billing

Not only is compliance going to be an issue for companies, but
enforcement of a national digital services tax will also be
challenging, as governments will need to develop the capacity to
demand and analyze full user data sets and then audit them.

Ellen Gilley: Thank you, Kat. Turning to the
EU’s data protection rules, Rohan, could you please explain
what these are and why they’re relevant to the French Digital
Services Tax?

Rohan Massey: Sure. For listeners who
aren’t familiar with this area, there are three main points to
note. Firstly, the General Data Protection Regulation (known as the
“GDPR”) took effect in May 2018 and imposes a wide range
of obligations on organizations that collect, use, store or
transfer personal data. The GDPR also gives individuals new and
enhanced rights over their personal data. And in a significant
break from the previous regime, organizations are now exposed to
potentially eye-watering fines for non-compliance—up to the
greater of EUR 20 million or 4% of their annual worldwide

Secondly, continuing with the example of France, the French data
protection regulator, the CNIL, is one of the most well-resourced,
knowledgeable and aggressive in the EU. As a case in point, earlier
this year the CNIL fined a U.S. tech company EUR 50 million for a
lack of transparency and valid consent in relation to its online
advertising business. That fine remains the most significant
enforcement under GDPR to date—and, to put it in context, the
penalty only amounted to 0.04% of the company’s annual
turnover. So, there is certainly scope for much higher fines coming
in the future.

And thirdly, given its broad definitions of “personal
data” and “processing,” the requirements of the
French Digital Services Tax (and likely other national digital
taxation regimes) will bring the GDPR into scope for many of the
tech companies that offer interfacing and advertising services. On
top of this, the ePrivacy Directive—which governs the privacy
of electronic communications in the EU—will also apply to
companies’ processing of location data. Taken together, these
rules create a number of challenges for tech companies which are
subject to a digital services tax within the EU.

Ellen Gilley: Thanks, Rohan. You mentioned
previously that there are some of these challenges with compliance,
could you tell us more about those?

Rohan Massey: Taking the GDPR first, companies
that act as data controllers—that is, where they determine
the means and purposes of processing of personal data—must
have a legal basis for processing the user’s personal data. For
tech companies covered by a national digital services tax, this
will include the categories of data you might expect, such as
users’ names and login details, but also their IP addresses and
device IDs. Companies will likely legitimize their processing on
the basis that they require it to comply with law—and,
notwithstanding their GDPR obligations relating to transparency,
accountability, security and international data transfers, this
reliance on legal compliance should not be problematic.

Things are more complicated with the ePrivacy Directive. That is
because the Directive allows location data to be used only if the
data are anonymized, or if the user has given consent for a
third-party to use them for a value-added service. In the event
that a digital services tax requires location data to be
non-anonymized in order for the reporting to be effective,
companies could find themselves in a situation where their users
refuse to give consent or revoke their consent at a later date,
which could have adverse implications. In both cases, it is unclear
how a company could effectively honor the user’s request whilst
also complying with the tax. To complicate things further, the EU
institutions are currently debating an ePrivacy Regulation to
replace the Directive, and it’s unclear how, if at all, the
Regulation will interact with the digital services tax that
requires user location.

Ellen Gilley: So, you see the use of the user
location in digital services tax as a key challenge for

Rohan Massey: Yes. In addition to anonymized
data, there is also the challenge Kat mentioned of needing to track
users rather than advertisers, which many of the tech companies
affected by a digital services tax have done historically. In
practice, this will require companies to establish links with end
users in a way that users, and advertisers and companies themselves
have not previously contemplated. Indeed, this potentially
represents a fundamental shift in how online advertising is
structured. The difficulties of obtaining valid consent in this
scenario could be doubly challenging, given the current scrutiny of
the AdTech industry in the EU, which is focused in large part on
the sufficiency of its consent practices. It should not come as a
shock to listeners to learn that this scrutiny is being spearheaded
by the CNIL.

Ellen Gilley: I know none of us has a crystal
ball, but how, if at all, do you see these tensions being

Rohan Massey: I’m afraid that, as things
stand, there’s no easy answer to that question. We are unaware
of the CNIL making any public pronouncements on the DST or how it
will interact with the GDPR or the ePrivacy Directive, so currently
companies are stuck between a rock and a hard place. The result is
that, if this guidance does not materialize, companies which
can’t meet their competing tax and data protection obligations
may have to decide which they choose to prioritize.

Kat Gregor: And the same goes on the tax side.
We are unaware of the French tax authorities taking any official
stance on how the DST will interact with the GDPR or the ePrivacy
Directive. Nor have any proposals coming out of the OECD addressed
the interaction of the digital tax regimes and data protection laws
more generally.

Ellen Gilley: Are there examples of businesses
in the EU facing a similar choice?

Rohan Massey: Indeed there are. The most recent
example we have is in the context of economic sanctions. Following
the U.S. withdrawal from the Iran nuclear deal and its
reintroduction of sanctions against Iran, in May 2018, businesses
in the EU were left with a choice. On the one hand, failure to
comply with the U.S. approach meant that those businesses could
themselves be sanctioned. On the other, the EU Blocking Regulation,
which was introduced in response to the U.S. withdrawal, makes it
an offence for EU businesses to comply with U.S. sanctions. Given
that companies cannot seemingly comply with both requirements, many
are taking a risk-based and commercially driven approach to
compliance—taking into account factors such as their exposure
to Iran and the enforcement histories of the respective U.S. and EU

Ellen Gilley: Do you think that taking a
risk-based and commercially driven approach to compliance is also
how things will play out in the tax context—and, if not, how
can companies resolve these conflicts?

Rohan Massey: Well I hope not, as the
uncertainty in the application of the law is clearly is a bad thing
for businesses, consumers and regulators. The timing of these
developments is also tricky, given that a new ePrivacy Regulation
is currently being negotiated to replace the ePrivacy
Directive—and it is uncertain whether the rules on location
data will change in the final text and how, if at all, they will
interact with laws such as the digital services tax. Assuming they
don’t, and in the absence of regulatory guidance on how to
navigate these competing laws, it would not surprise me to see
companies affected by a digital services tax—which have
already spent considerable time and money addressing their
obligations under EU data protection law—continuing to
prioritize those obligations. In making this decision, companies
subject to France’s Digital Services Tax, for instance, will
weigh the threat of enforcement by CNIL versus the French tax
administration’s anticipated approach on enforcing its rule.
And, once the regulatory picture becomes clearer, companies can
actively start to make structural changes needed to comply with the
digital services taxation laws. But until then, we’re in
something of a holding pattern.

Kat Gregor: And to add to what Rohan describes,
the French Tax Administration has become increasingly aggressive in
recent years, regularly threatening criminal sanctions where
companies took aggressive tax positions historically. Companies
considering a pure risk-based approach where they ultimately choose
not to comply with the DST would do so in the face of possible
threats of criminal sanction by the FTA. Additionally, to the
extent that companies might ultimately be entitled to a refund of
DST paid, to the extent that the OECD approach results in lower tax
in France, they are likely only going to get those refunds if they
complied with the tax in the first place and have adequate records
supporting their reporting positions.

Ellen Gilley: So to take what you have both
said at a very high-level, companies face substantial uncertainties
and compliance costs?

Kat Gregor: Exactly. Also, more and more
countries are looking at adopting their own digital services tax.
This will add to the compliance costs and create the risk of double
taxation—if the location of the user is the test used in
other digital services tax regimes, there is the potential for
double taxation for a single digital transaction, which we touched
on briefly earlier. For example, Italy and the UK are contemplating
a digital services tax themselves.

Rohan Massey: This is not the first time
businesses have had to navigate vague or developing guidance in the
tax or data protection space. But what we are looking at for now is
the potential tension, and even conflict, between these two sets of
laws and the risk that a lack of regulatory clarity creates more
confusion for companies and users.

Kat Gregor: Precisely. As the OECD’s
proposal for digital services taxation and various national-level
digital services tax regimes develop, I expect there will be
clearer guidelines for businesses, and in the meantime, as Rohan
suggested, it appears that businesses will engage in a
fact-intensive analysis.

Ellen Gilley: Thank you both, Kat and Rohan,
for joining us today in discussing the interaction between the
emerging digital services tax regimes and the EU data protection
regulations. We’ll be back soon to discuss the next case of the
quarter. Please visit the Tax Controversy Newsletter webpage at disputingtax.com, or, of course,
for additional news and commentary about other
notable tax developments as they arise. If we can help you navigate
this complex and rapidly developing area of the law, please do not
hesitate to contact us. You can also subscribe and listen to this
series wherever you regularly listen to podcasts, including on Apple, Google and Spotify. Thanks again for listening.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.


Website | + posts

Republik City News is a subsidiary of SuccessValley, an online network community for students and aspiring entrepreneurs. You can reach SuccessValley through this link: https://www.successvalley.tech/

Leave a Comment